Closed GoogleCodeExporter closed 9 years ago
Original comment by Rob...@gmail.com
on 22 Feb 2013 at 6:08
Although not directly part of a release, I have assigned to 11.1 to give it
better visibility and to allow it to be scheduled ahead of work for release 11.2
Original comment by Rob...@gmail.com
on 5 Mar 2013 at 8:10
Will aim to provide IIS logs over a web accessible URL
Original comment by Hui....@gmail.com
on 6 Mar 2013 at 12:38
[deleted comment]
Removed comments with links to log file.
I have done some initial investigation and I agree with Roy that a regular
'culprit' IP address is 103.246.36.212 (Blue Coat - http://www.bluecoat.com/).
I have contacted Blue Coat technical support to understand why this may be
happening. I am expecting a response in the next day or two.
Original comment by Rob...@gmail.com
on 14 Mar 2013 at 12:57
[deleted comment]
We should block that address
Some more info on Blue Coat...
http://bluecoat.com
inetnum: 103.246.36.0 - 103.246.39.255
netname: BLUECOAT-CS-AP
descr: 420 N. Mary Avenue
country: AU
admin-c: DB381-AP
tech-c: DB381-AP
status: ASSIGNED PORTABLE
mnt-by: APNIC-HM
mnt-routes: MAINT-BLUECOAT-CS-AP
mnt-irt: IRT-BLUECOAT-CS-AP
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20110705
source: APNIC
role: Daniel Bellazetin
address: 420 North Mary Avenue Sunnyvale, CA 94085-4121
country: US
phone: +018019992975
e-mail: daniel.bellazetin@bluecoat.com
admin-c: DB381-AP
tech-c: DB381-AP
nic-hdl: DB381-AP
mnt-by: MAINT-BLUECOAT-CS-AP
changed: hm-changed@apnic.net
source: APNIC
Original comment by Hui....@gmail.com
on 14 Mar 2013 at 1:01
BP ticket 915314
I've also sent mail to bluecoat previously, and they denied that they have
anything to do with it.
Original comment by Hui....@gmail.com
on 14 Mar 2013 at 1:02
I have emailed Roy and Miki the full list of /checkout/success log entries and
identified duplicates from the list.
There is no consistent IP address that is the culprit.
We will need further investigation based on the logs.
One specific question: how can we get a /checkout/success entry when there are
blank parameters? Is this a user 'cancelling' from PayPal?
Original comment by Rob...@gmail.com
on 19 Mar 2013 at 10:03
EMAILS FROM ROY. THIS ISSUE CAN NOW BE CLOSED.
From: Roy Hui [mailto:hui.roy@gmail.com]
Sent: Wednesday, 20 March, 2013 1:06 PM
To: Jonas, Robert
Cc: Brotzler, Miki
Subject: Re: Issue 428: duplicate paypal response
Hi guys,
We've investigated all the possible scenarios listed in the log, and confirm
that we are handling all the possibilities.
Thanks
Roy
From: Roy Hui [mailto:hui.roy@gmail.com]
Sent: Wednesday, 20 March, 2013 10:31 AM
To: Jonas, Robert
Cc: Brotzler, Miki
Subject: Re: Issue 428: duplicate paypal response
Hi Rob,
Anyone can access any URLs, so that means /success can be accessed without
parameters, URLs can be accessed twice in a row, or 30 seconds apart.
Understanding why is the important question, whether it is a virus, a
trojan, a keyboard logger, or legitimately, a proxy, a firewall, a proxy
server, or even a telco.
I think as long as we don't have failed transactions because of this, we should
be ok.
We will investigate and see if we can come up with anything else.
Cheers,
Roy
On Wed, Mar 20, 2013 at 10:18 AM, Jonas, Robert <Robert.Jonas@auspost.com.au>
wrote:
Hi Roy,
I have supplied the data set of ‘checkout/success’ log entries – filtered
to show duplicates.
There are some very strange entries in here:
• How can I have a ‘/checkout/success’ with a “-” parameter?
• How can I have a replicated ‘/checkout/success’ with the same
order parameters up to 30 seconds apart?
• How can I have a replicated ‘/checkout/success’ from the same
IP address?
Can your team please investigate so we can understand the situation (and also
understand if FHD is appropriately handling the replicated situations)?
Cheers,
Rob
Original comment by Rob...@gmail.com
on 20 Mar 2013 at 9:42
Original issue reported on code.google.com by
Rob...@gmail.com
on 23 Jan 2013 at 10:14
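
The three log patterns raised in this thread (a `/checkout/success` hit with a "-" query, the same order parameters repeated up to 30 seconds apart, and repeats from the same IP address) can be extracted from an IIS W3C log as sketched below. This is an added example, not code from the issue or the project; the log lines, the `order` and `token` parameter names and the client addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format (not taken from the real logs).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-03-19 10:00:00 192.0.2.10 GET /checkout/success order=1001&token=T1 200
2013-03-19 10:00:01 192.0.2.10 GET /checkout/success order=1001&token=T1 200
2013-03-19 10:00:28 198.51.100.7 GET /checkout/success order=1001&token=T1 200
2013-03-19 10:05:00 192.0.2.44 GET /checkout/success - 200
2013-03-19 10:06:00 192.0.2.50 GET /checkout/success order=1002&token=T2 200
2013-03-19 10:06:05 192.0.2.50 GET /cart - 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def analyse(text, path="/checkout/success", window=timedelta(seconds=30)):
    """Return (blank_hits, repeats) for requests to `path`."""
    blank, by_query, repeats = [], defaultdict(list), []
    for row in parse_w3c(text):
        if row["cs-uri-stem"].lower() != path:
            continue
        when = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        if row["cs-uri-query"] == "-":      # IIS writes an empty query string as "-"
            blank.append((when, row["c-ip"]))
        else:
            by_query[row["cs-uri-query"]].append((when, row["c-ip"]))
    for query, hits in by_query.items():
        hits.sort()                         # chronological order per query string
        for (t1, ip1), (t2, ip2) in zip(hits, hits[1:]):
            if t2 - t1 <= window:           # same parameters replayed inside the window
                repeats.append((query, int((t2 - t1).total_seconds()), ip1 == ip2))
    return blank, repeats

if __name__ == "__main__":
    blank, repeats = analyse(SAMPLE_LOG)
    for when, ip in blank:
        print(f"{when} {ip}: success page requested with no parameters")
    for query, gap, same_ip in repeats:
        print(f"{query}: repeated after {gap}s, same client IP: {same_ip}")
```

The same-IP flag separates client-side double loads from replays arriving via a different address, such as a proxy, which is the distinction the thread was trying to draw.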